This time on the show we'll be talking with Jon Anderson about Capsicum and Casper to securely sandbox processes. After that, our tutorial will show you how to encrypt all your DNS lookups, either on a single system or for your whole network. News, emails and all the usual fun, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
BSDCan 2014 talks and reports
The majority of the BSDCan talks are finally uploaded, so prepare to be flooded with linksKarl Lehenbauer's keynote (he's on next week's episode)Mariusz Zaborski and Pawel Jakub Dawidek,Capsicum and Casper (relevant to today's interview)
Luigi Rizzo,In-kernel OpenvSwitch on FreeBSD
Dwayne Hart, Migrating from Linux to FreeBSD for Backend Data StorageWarner Losh, NAND Flash and FreeBSDSimon Gerraty, FreeBSD bmake and Meta ModeBob Beck, LibreSSL - The First 30 DaysHenning Brauer, OpenBGPD Turns 10 Years OldArun Thomas, BSD ARM Kernel InternalsPeter Hessler, Using BGP for Realtime Spam ListsPedro Giffuni, Features and Status of FreeBSD's Ext2 ImplementationMatt Ahrens, OpenZFS Upcoming Features and Performance EnhancementsDaichi Goto, Shellscripts and CommandsBenno Rice, Keeping CurrentSean Bruno, MIPS Router HackingJohn-Mark Gurney, Optimizing GELI PerformancePatrick Kelsey, Userspace Networking with libuinetMassimiliano Stucchi, IPv6 Transitioning MechanismsRoger Pau Monné, Taking the Red PillShawn Webb, Introducing ASLR in FreeBSDThere's also a trip report from Peter Hessler and one from Julio MerinoThe latter report also talks about how, unfortunately, NetBSD basically had no presence in the event at all (and how that's a recurring trend)***
Defend your network and privacy with a VPN and OpenBSD
After all the recent news about spying, backdoored routers, deep packet inspection and everything else, you might want to start taking steps at getting some privacy backThis article describes how to set up a secure network gateway and VPN using OpenBSD and related crypto utilitiesThere are bits for DHCP, DNS, OpenVPN, DNSCrypt and a watchdog script to make sure your tunnel is always being usedYou can transparently tunnel all your outbound traffic over the VPN with this configuration, nothing is needed on any of the client systems - this could also be used with Tor (but it would be very slow)It also includes a few general privacy tips, recommended browser extensions, etcThe intro to the article is especially great, so give the whole thing a readHe mentions our OpenBSD router guide and other tutorials being a big help for this setup, so hello if you're watching!***
You should try FreeBSD
In this blog post, the author talks a bit about how some Linux people aren't familiar with the BSDs and how we can take steps to change thatHe goes into some FreeBSD history specifically, then talks about some of the apparent (and not-so-apparent) differences between the twoPossibly the most useful part is how to address the question "my server already works, why bother switching?""Stackoverflow’s answers assume I have apt-get installed"It includes mention of the great documentation, stability, ports, improved security and much moreA takeaway quote for would-be Linux switchers: "I like to compare FreeBSD to a really tidy room where you can find everything with your eyes closed. Once you know where the closets are, it is easy to just grab what you need, even if you have never touched it before"***
OpenBSD and the little Mauritian contributor
This is a story about a guy from Mauritius named Logan, one of OpenBSD's newest developersBack in 2010, he started sending in patched for OpenBSD's "mg" editor, among other small things, and eventually added file transfer resume support for SFTPThe article talks about his journey from just a guy who submits a patch here and there to joining the developer ranks and even getting his picture taken with Theo at a recent hackathonIt really shows how easy it is to get involved with the different BSDs and contribute back to the software ecosystemCongrats to Logan, and hopefully this will inspire more people to start helping out and contributing code back***
Interview - Jon Anderson -
[email protected]Tutorial
Encrypting DNS lookups
News Roundup
FreeBSD Journal, May 2014 issue
The newest issue of the FreeBSD Journal is out, following the bi-monthly release cycleThis time the topics include: a letter from the foundation, a ports report, some 9.3-RELEASE plans, an events calendar, an overview of ipfw, exploring network activity with dtrace, an article about kqueue, data distribution with dnssec and finally an article about TCP scalingPick up your (digital) copy at Amazon, Google Play or on iTunes and have a read***
LibreSSL porting update
Since the last LibreSSL post we covered, a couple unofficial "portable" versions have died offUnfortunately, people still think they can just port LibreSSL to other BSDs and Linux all willy-nilly - stop doing that!This post reiterates that LibreSSL currently relies on a lot of OpenBSD-specific security functions that are not present in other systems, and also gives a very eye-opening examplePlease wait for an official portable version instead of wasting time with these dime-a-dozen github clones that do more harm than good***
BSDMag May 2014 issue is out
The usual monthly release from BSDMag, covering a variety of subjectsThis time around the topics include: managing large development projects using RCS, working with HAMMER FS and PFSes, running MeteorJS on FreeBSD 11, another bhyve article, more GIMP tutorials and a few other thingsIt's a free PDF, go grab it***
BSDTalk episode 241
A new episode of BSDTalk is out, this time with Bob BeckHe talks about the OpenBSD foundation's recent activities, his own work in the project, some stories about the hardware in Theo's basement and a lot moreThe interview itself isn't about LibreSSL at all, but they do touch on it a bit tooReally interesting stuff, covers a lot of different topics in a short amount of time***
Feedback/Questions
We got a number of replies about last week's VPN question, so thanks to everyone who sent in an email about it - the vpnc package seems to be what we were looking forTim writes inAJ writes inPeter writes inThomas writes inMartin writes in***
View all episodes
